Deepfake and virtual-camera tools sold on Telegram are systematically defeating bank and crypto KYC verification, with $17B stolen in crypto fraud in 2025.
Cybersecurity researchers and blockchain analytics firm Chainalysis documented a surge in KYC bypass toolkits sold openly on Telegram, enabling scammers to defeat biometric verification at major institutions including Binance, BBVA, and Revolut. Virtual-camera attacks grew 25x in 2024 vs 2023 per iProov, while multi-step fraud attempts nearly tripled among Sumsub clients. Attacks combine jailbroken phones, hooking frameworks injected into banking apps, stolen biometrics, and deepfakes. Crypto fraud losses hit $17B in 2025, up from $13B in 2024.
Attackers are injecting hooking frameworks directly into financial apps to swap the camera feed at the OS level, bypassing liveness checks before your backend ever sees a frame. Standard KYC SDKs from vendors like Sumsub or iProov cannot detect this on their own — your app-layer security matters. Runtime application self-protection (RASP) and root/jailbreak detection are no longer optional for any fintech app handling identity.
Run a static analysis pass on your iOS or Android fintech app this week using Talsec's free RASP checker to identify whether your camera pipeline is injectable — if it flags vulnerabilities, escalate to your security lead before the next release.
Go to claude.ai and open a new conversation
Tags
Also today
Signals by role
Also today
Tools mentioned